🗓️ Last Updated: 2026-07-02

Updated after UAT setup session. See AI Session Handoff for full session detail.

Current Objective

Complete UAT execution at uat.sonandigital.com and resolve defects found during testing before production sign-off.

Current Milestone — UAT v1.0

Item | Status
UAT environment live (uat.sonandigital.com) | ✅ Done
UAT Supabase database (separate from prod) | ✅ Done
UAT test accounts created and linked | ✅ Done
UAT test execution | 🔄 In Progress
Defect resolution | ⏳ Pending UAT findings
Sign-off | ⏳ Pending

Recently Completed

Items completed in the most recent development session (2026-07-02):

Item | Detail
Invite Client to Portal | New feature: POST /api/admin/clients/[id]/invite-portal creates a Supabase auth user and links clients.user_id. UI card added to Client Detail → Info tab. Super admin can revoke access (DELETE). 14 unit tests pass.
Employee portal theme fix | Sidebar was hardcoded bg-[#0A0A0A] (black). Fixed to bg-[#1B3A6B] (navy brand colour). Topbar and content area made theme-aware.
Portal documents full-width | PortalDocumentsClient.tsx had max-w-3xl mx-auto constraining the layout. Removed to match other portal pages.
UAT environment setup | uat.sonandigital.com custom domain configured on Vercel Preview / dev branch. Cloudflare CNAME added. UAT client accounts linked to Crystal Dynamics and BlueSky Ventures.
Types fix | Client interface in src/lib/supabase/types.ts was missing user_id: string | null. Added.

Known Bugs (Open)

Accepted gaps from v1.0 not yet resolved. Full detail in the Releases → v1.0 Known Issues page.

ID | Severity | Summary | Target
HIGH-1 | High | No custom rate limiting on API routes | v1.1
HIGH-4 | High | Silent email delivery failures, no retry queue | v1.1
HIGH-6 | High | Signed document download URLs expire after 1 hour | v1.1
HIGH-7 | High | No TOTP recovery codes — locked-out user requires admin reset | v1.1

ℹ️ Resolved since v1.0 release

HIGH-2 (PDF generation) — print pages implemented. HIGH-3 (Audit log) — logAudit() helper and admin UI page implemented. HIGH-5 (Recurring invoice email) — implemented in Sprint 9.

Deferred Work

  • Upstash rate limiting on API routes (HIGH-1)
  • Email delivery retry queue (HIGH-4)
  • Long-lived signed URLs for documents (HIGH-6)
  • TOTP recovery codes (HIGH-7)
  • QuickBooks integration
  • Multi-agency SaaS onboarding flow

Next Recommended Task

  1. Continue UAT execution — work through all test cases in the UAT Execution Guide
  2. Log any defects found in the Defect Log
  3. After UAT complete: update AI Session Handoff and this page
  4. After sign-off: merge dev → main for production release

Estimated Production Readiness

Area | Status | Notes
Core CRM modules | ✅ Production-ready | All modules implemented and tested
Client portal | ✅ Production-ready | Invite flow, portal access, all pages
Employee portal | ✅ Production-ready | Theme fixed, all features working
Authentication & MFA | ✅ Production-ready | TOTP MFA, session management
Email notifications | ✅ Production-ready | 8+ transactional email types
Stripe payments | ✅ Production-ready | Checkout, webhooks, auto-paid status
Rate limiting | ⚠️ Partial | Supabase Auth built-in only; no app-level rate limits
Audit log | ✅ Implemented | logAudit() + admin UI page

Important Notes

  • The dev branch deploys to uat.sonandigital.com. The main branch deploys to production.
  • All git commits from the sandbox must use the FUSE-safe plumbing pattern. Never use git add on FUSE-mounted paths.
  • The sandbox cannot push to GitHub — Adnan always pushes from the Windows terminal.